Started thinking about how you could give AI agents safe and bounded permissions to act independently across multiple services without littering your code base with a bunch of conditionals?
I've repeatedly built these constraint systems before, it's always rate limiters in the email tool, domain filters in the CRM, spend limits in the payment processor. Every time, I (and others) end up solving the same auth/constraint problems independently.
So I built what I'm calling AAIP: The AI Agent Identity Protocol. It's a stateless standard for creating cryptographically signed delegations for AI agents.
With this, you can just create a "delegation". This serves as a signed permission slip, that specifies exactly what an agent can do, for how long, and with what constraints
{ "aaip_version": "1.0", "delegation": { "id": "del_01H8QK9J2M3N4P5Q6R7S8T9V0W", "issuer": { "id": "user@example.com", "type": "oauth", "public_key": "public-key" }, "subject": { "id": "outbound_agent_v1", "type": "custom" }, "scope": ["email:send", "crm:read", "prospects:research"], "constraints": { "max_amount": {"value": 50, "unit": "email"}, "blocked_domains": ["competitor1.com", "competitor2.com"], "time_window": { "start": "2025-07-24T09:00:00Z", "end": "2025-07-24T17:00:00Z" } }, "expires_at": "2025-08-30T23:59:59Z", "not_before": "2025-07-24T00:00:00Z" }, "signature": "ed25519-signature-hex" }
Technical approach: - Ed25519 signatures for cryptographic verification - Self-contained delegations (no external key lookups) - Time-bounded with automatic expiration - Hierarchical scope system with wildcard support - Standard constraints: spending limits, time windows, domain filtering
Full spec and reference implementation -> github dot com slash krisdiallo slash aaip-spec
This feels like where OAuth was in the early web, everyone solving auth differently until a standard emerged. What approaches are you taking? to building AI agent rails? to managing/updating existing constraints?